N/A

Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) department.php, (7) profile.php, (8) rejects.php, (9) search.php, (10) toBePublished.php, (11) user.php, and (12) view_file.php; and (13) the caller parameter in a Modify User action to user.php.

N/A

N/A

OpenDocMan 多个参数跨站脚本漏洞

OpenDocMan 1.2.5版本中存在多个跨站脚本攻击漏洞。远程攻击者可以借助对(1)add.php,(2)toBePublished.php,(3)index.php,和(4)admin.php的last_message参数; 对(5)category.php,(6)department.php,(7)profile.php,(8)rejects.php,(9)search.php,(10) oBePublished.php,(11)user.php,和(12)view_file.php的默认URI

N/A

N/A